Secure identification method between two radiofrequency network appliances

ABSTRACT

The invention concerns a method for accessing radio-frequency networks known as BLUETOOTH. The access to an apparatus is obtained via a network apparatus by selecting one of the two appliances as master-apparatus (10) and the other as slave-apparatus (12), and by initialising on the master-apparatus (10) an automatic identification procedure consisting essentially in placing the appliances (10, 12) in immediate proximity and in transmitting very short range signals to be exclusively received by the slave-apparatus (12). A standard connection procedure is then initialised and, if it is successful, an identification key is generated which is used for subsequent exchanges in normal operating conditions.

[0001] The invention relates to radiofrequency networks in which the network units communicate with one another by means of radiofrequency links and, more particularly, a method, in the networks, which permits two units in the network to recognise each other and to then communicate in a secure manner.

[0002] Making radiofrequency links between electronic units such as a personal computer, a printer, a mobile or fixed-line phone, etc., is known by making use of, for example, the specifications of a network known as “BLUETOOTH” which are defined in documents ETS 300-328 and ETS 300-339.

[0003] In such a BLUETOOTH network, the units each have an address by which they can be identified but this address is transmitted in the clear in radiofrequency signals. The result is that the radiofrequency links are not secure.

[0004] To overcome this problem, it is proposed to enter an identical secret code in each of the two units to be connected and this will then permit session keys to be generated for authentication and encryption.

[0005] This process can prove to be tiresome, in that it is necessary to key in the code twice on a keyboard and the code may have numerous digits or letters.

[0006] Moreover, some network units, an earphone for a mobile phone, for example, might not have a keyboard, with the result that this code must be registered permanently, or almost permanently, in the unit with no keyboard. This leads to permission to access the network for anyone who picks up the unit, without having to identify themselves as a user.

[0007] It is also proposed to connect the two units with a cable link in order to exchange the session keys under maximum security, to ensure subsequent authentication and encryption. The drawback of this solution is that each unit must be fitted with a special plug which will differ from one unit to another. An aim of the present invention, therefore, is to implement a process of recognition between two units in a radiofrequency network, a method which allows secure recognition of the two units to occur.

[0008] The invention, therefore, relates to a method of secure recognition between two units in a radiofrequency network, characterised in that it comprises the following steps, which consist in:

[0009] (a) starting the two units,

[0010] (b) selecting one of the two units as the master unit and the other as the slave unit,

[0011] (c) moving the two units into immediate proximity to one another,

[0012] (d) on the master unit, launching an automatic secure recognition process consisting in:

[0013] (d1) transmitting signals according to a radiation pattern, in such a way that the signals are only picked up by the slave unit,

[0014] (d2) launching a standard connection process to the radiofrequency network, and, in the case of successful connection to the radiofrequency network,

[0015] (d3) generating a recognition key with the intention of making subsequent connections secure,

[0016] (d4) re-transmitting signals according to the normal radiation pattern,

[0017] (e) placing the two units at a distance from each other, for operation at a normal distance.

[0018] Steps (d1) and (d2) are repeated in the event of the failure of step (d2), connection to the radiofrequency network. Steps (d1) and (d2) are repeated at least once with a radiation pattern with a greater range. The increase in range is achieved by modifying the signal strength from the master unit, in particular. The invention also relates to a master unit to implement the method according to the invention and which comprises a transmitter-receiver connected to a transmitting-receiving antenna, so as to implement a transmission-reception device, characterised by the transmission-reception device comprising means for modifying the range of the radiation pattern, so as to have an initial range corresponding to normal operation, and at least one second range smaller than the first one, to implement the method according to the invention.

[0019] Other characteristics and advantages of the present invention will become apparent on reading the following description of a particular embodiment, the said description being given by reference to the attached drawings in which:

[0020] FIG. 1 shows two units in a radiofrequency network to be connected securely,

[0021] FIG. 2 shows the units from FIG. 1 in the process of secure recognition, according to the invention,

[0022] FIG. 3 is a simplified diagram of a master unit antenna with a modulated transmission power, and

[0023] FIG. 4 is a diagram showing an antenna for a master unit, the directivity of which has a privileged direction of transmission.

[0024] The invention will be described in the establishment of a radiofrequency connection between a mobile phone 10 and an earphone 12 (FIG. 1), this radiofrequency connection being realised according to the specifications of the BLUETOOTH system, referred to above.

[0025] The units in a BLUETOOTH network are each fitted with a radiofrequency antenna, indicated at 14 for the phone 10 and 16 for the earphone 12.

[0026] As the two units 10 and 12 are to be interconnected, the first step of the method, according to the invention, consists in:

[0027] (a) switching on the two units with a button (button 24) and 12. The effect of this switching-on will be to start up the transmitter-receiver of each unit and to activate some functions such as the display on a screen 18 and a keypad 20 of the phone 10.

[0028] This screen 18 will display, for example, a menu with several options, one of which will be called “RECOGNITION”.

[0029] In the case of the two phones being equipped with a screen and a keypad, they will display the same menu. Then, in this case, the second step of the method consists in:

[0030] (b) selecting one of the two units as the master unit and the other as the slave unit. This selection does not exist in the case where only one of the two units has a display screen and a selection keypad, in which case it is the master unit.

[0031] As a result of this selection, the phone 10 acts as a master unit, whereas the earphone 12 acts as a slave unit.

[0032] When this selection has been made, the third step consists in:

[0033] (c) moving the two phones 10 and 12 closer together, so that their antennae 14 and 16 are in immediate proximity to one another.

[0034] At the end of this step, the phones do not yet transmit any radiofrequency signal.

[0035] The fourth step consists in:

[0036] (d) launching on the master unit, i.e., phone 10, an automatic secure recognition process by selecting the option “RECOGNITION” on the menu displayed on the screen 18, via the selection buttons 22.

[0037] The effect of this launching of the “RECOGNITION” process is to cause the standard process of connecting to the radiofrequency network to be implemented by the two units, but with one very important difference:

[0038] the master unit transmitter transmits radiofrequency signals according to a radiation pattern which has an extremely limited range, so as to be picked up only by another unit right next to it, such as the earphone 12 (FIG. 2).

[0039] As soon as the slave unit is integrated in the radiofrequency network by the standard network process, the master unit generates a recognition key which is then used to make subsequent exchanges of information secure, between the master unit and the slave unit.

[0040] When the recognition key is known to the two units, the method, according to the invention, terminates and this termination is displayed on the screen (18) by a suitable message. The master unit re-transmits, according to the normal radiation pattern, which corresponds to the normal range. The two units can then be placed at a distance from each other and continue to exchange information according to the standard network process, but those exchanges are secure, thanks to the recognition key.

[0041] If the method does not result in recognition, this fault is communicated to the user by a display or by any other means. The user may then recommence the method at step (b) without changing the master unit or by using the other unit as the master unit when it is possible to do so.

[0042] If several slave units are in operation within the zone covered by the radiation pattern, their presence will be detected by the master unit, which will then give a forceful message indicating this situation, for example, “Insecure environment: several units present”.

[0043] In order to take account of the fact that the range of a radiation pattern depends on the power available from the batteries of the master unit, the method of the invention provides for several successive signal transmissions by the master unit at increasing power levels, in the case of the recognition process not ending with the lowest power level.

[0044] These transmissions at increasing power levels are stopped as soon as the recognition process has ended.
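
The recognition sequence of steps (d1) to (d4), together with the several-units check of [0042] and the power escalation of [0043] and [0044], sketched as an added example that is not part of the patent text. The range figures, the class and function names and the 16-byte random key are assumptions; the patent specifies none of them.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed reach in metres per transmit power step, lowest first.
# The patent gives no figures; these are constructed for illustration.
RECOGNITION_RANGES_M = [0.05, 0.10, 0.20]
NORMAL_RANGE_M = 10.0


@dataclass
class Slave:
    name: str
    distance_m: float            # distance from the master antenna
    key: Optional[bytes] = None  # recognition key, once received


class Master:
    def __init__(self):
        self.range_m = NORMAL_RANGE_M
        self.keys = {}

    def _responders(self, slaves):
        # Only units inside the current radiation pattern pick up the signals.
        return [s for s in slaves if s.distance_m <= self.range_m]

    def recognise(self, slaves):
        """Steps (d1)-(d4); returns (status, name of recognised slave or None)."""
        try:
            for reach in RECOGNITION_RANGES_M:      # (d1) lowest power first
                self.range_m = reach
                found = self._responders(slaves)    # (d2) standard connection
                if len(found) > 1:                  # [0042] refuse to pair
                    return "Insecure environment: several units present", None
                if len(found) == 1:
                    key = secrets.token_bytes(16)   # (d3) recognition key
                    found[0].key = key              # shared at reduced range
                    self.keys[found[0].name] = key
                    return "recognised", found[0].name  # [0044] stop escalating
            return "recognition failed", None       # [0041] report the fault
        finally:
            self.range_m = NORMAL_RANGE_M           # (d4) normal pattern again
```

The key is handed to the slave before the `finally` clause restores the normal range, so a unit outside the reduced pattern never receives it.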

[0045] The implementation of the method according to the invention entails the master unit being modified to be able to transmit signals in accordance with at least two radiation patterns, one with a limited range for recognition and the other with a normal range for normal operation without recognition.

[0046] This can be achieved by using two different antennae, one for recognition, according to the invention, and the other for normal operation. Just one antenna can also be used, with a power stage 28 providing power which is modulated, for example, by modifying its input impedance 30 (FIG. 3), so as to “detune” the oscillating antenna signal, consisting of the condenser 32 and the antenna proper 34.

[0047] The input impedance 30 is then modified, so as to tune the oscillating circuit progressively, and to attain the minimum power-level required for the signals transmitted by the master unit to be picked up by the slave unit.

[0048] The directivity of the antenna can also be modified, so as to favour a particular transmission angle corresponding to the arrow 36. Only the slave unit 38 which is set in this direction 36 will receive the transmitted signals.

[0049] When the secure link has been established between two units, according to the method of the invention, it can be interrupted, either voluntarily, by stopping one of the two units, or by exceeding the master unit radiation range.

[0050] In both cases, the secure link can only be reestablished by restarting the steps of the method at its beginning, which involves establishing the new link with another recognition key.

[0051] It will not, however, be necessary to repeat step (a), starting the unit, which has not been stopped, since a restart button has been provided to set the unit to step (b).

1. A process for secure recognition between two units (10, 12) of a radiofrequency network, characterised in that it comprises the following steps, consisting in: (a) switching on the two units (10, 12), (b) selecting one (10) of the two units as the master unit and the other (12) as the slave unit, (c) moving the two units (10, 12) to the immediate proximity of one another, (d) launching on the master unit (10) an automatic secure recognition process consisting in: (d1) transmitting signals according to a radiation pattern in such a way that the signals are only received by the slave unit (12), (d2) launching a standard connection process to the radiofrequency network and, in the case of successful connection to the radiofrequency network, (d3) generating a recognition key with the intention of making subsequent exchanges secure, (d4) re-transmitting signals according to the normal radiation pattern, and (e) placing the two units (10, 12) at a distance from each other for operation at a normal distance.

2. A process according to claim 1, characterised in that steps (d1) and (d2) are repeated in the event of failure of step (d2), connection to the radiofrequency network.

3. A process according to claim 2, characterised in that steps (d1) and (d2) are repeated at least once with a radiation pattern of greater range.

4. A process according to claim 3, characterised in that the radiation pattern of greater range is obtained by increasing the power applied to the antenna of the master unit.

5. A process according to claim 3, characterised in that the radiation pattern of greater range is obtained by modifying the tuning of the antenna of the master unit.

6. A process according to any one of the preceding claims 1 to 5, characterised in that the radiation pattern of the antenna of the master unit has a privileged direction of radiation (36).

7. A process according to any one of the preceding claims 1 to 6, characterised in that the step (d3) is replaced by a step (d′3) which is implemented by the slave unit.

8. A process according to any one of the preceding claims 1 to 7, characterised in that the method reverts to step (b) by selecting the slave unit as the master unit, in the case of failure of operation (d2), connection to the radiofrequency network.

9. A master unit for implementing the method according to any of the preceding claims 1 to 8 and comprising a transmitter-receiver connected to a transmission-reception antenna (34) so as to realise a transmission-reception device, characterised in that the transmission-reception device comprises means for modifying the range of the radiation pattern of the antenna, so as to have an initial range corresponding to normal operation and at least one range smaller than the first one, to implement the method according to the invention.

10. A master unit according to claim 9, characterised in that the means of modifying the range of the radiation pattern of the antenna comprise means to modify the power applied to the antenna.

11. A master unit according to claim 9, characterised in that the means of modifying the range of the radiation pattern of the antenna comprise means to modify the tuning of the antenna circuit.

12. A master unit according to one of the preceding claims 9 to 11, characterised in that the transmission-reception antenna has a privileged direction of transmission (36).